Information home electric appliance

ABSTRACT

By performing initial user registration via an SSL-compliant browser in an information home electric appliance 100, the user's private key, digital certificate, and member information are downloaded (b2) into the storage device in the information home electric appliance. At card use time, when the user selects products on a merchant's SSL-compliant server and issues a purchase instruction (c1), the user is identified locally in the information home electric appliance based on a personal identification number. Subsequently, the information home electric appliance accesses an SSL-compliant settlement server 220 (c4) and sends a digital certificate and member information stored in the appliance. Then, mutual authentication is performed between the user and the settlement server and, based on the member information, an authorization gateway 241 authorizes the account settlement (c5). This allows even an information home electric appliance with a relatively small capacity memory device to conduct relatively secure transactions over the Internet using a credit card.

[0001] The present invention relates to an information terminal device, and more particularly to an information home electric appliance, such as a cellular phone, suitable for settlement (payment) by an electronic credit card account for products, which are purchased with a credit card at virtual stores on a communication medium, using the information home electric appliance.

BACKGROUND ART

[0002] Recently, the Internet has rapidly become popular even at home with electronic commerce being carried on over the Internet. For example, SET (Secure Electronic Transaction) is known as a protocol for making a card account settlement over the Internet. A card member (cardholder) installs a SET-dedicated application, called Wallet, into his or her own personal computer (PC), while a merchant that opens a virtual store installs a SET-dedicated application into the web server. The user browses the web pages of the sites of virtual stores with a browser, which is provided for browsing the World-Wide Web (WWW), to select a product the user wants to purchase. This purchase instruction starts the Wallet on the personal computer to make a card account settlement with the settlement gateway (payment gateway). After that, the product is sent from the merchant to the user.

[0003] For the details on the SET, see “USING SET for Secure Electronic Commerce” written by Grady N. Drew and translated by Takeaki Ota, Pearson Education Co.

[0004] On the other hand, while a personal computer has been used conventionally as a primary tool for accessing the Internet, non-PC apparatuses, such as a cellular phone (including a PHS: Personal Handyphone System), television set, video game machine, word processor, and car navigator, are used now for this purpose (for the sake of convenience, those information terminals are called information home electric appliances in this specification). Therefore, it is desired that electronic commerce be carried on easily and securely even on those information home electric appliances.

[0005] However, because the user's ability to directly access data (files) stored in an internal storage device (for example, a hard disk device) of a standard personal computer requires some special measures and because a special security protocol is used, a SET-dedicated application must be large in size. For this reason, on an information home electric appliance, especially a cellular phone on which a large-capacity memory device cannot be included, there is a limit on the size of an installable application (program) and therefore it is difficult to install the application described above.

[0006] In view of the foregoing, it is an object of the present invention to allow even an information home electric appliance with only a relatively small capacity storage device to conduct relatively secure transactions on the Internet with a credit card.

DISCLOSURE OF THE INVENTION

[0007] Some WWW (World Wide Web) browsers comply with an encryption protocol, such as SSL (Secure Socket Layer), to securely communicate with a communication partner. The SSL is described, for example, in “Full Description of Web Server Technology” written by Nancy J. Yeager, Robert E. McGrath and translated by Yoshiko Enomoto, Nikkei BP, pp. 367-371. The present inventors have extended an existing browser, which is compliant with the encryption communication protocol, to provide a browser which is relatively small but supports electronic commerce, and an information home electric appliance that uses the browser. The browser, including a part corresponding to a SET application, may be installed even in an information home electric appliance.

[0008] Communication security (a message not being decoded even if intercepted or there being neither pretender nor message alterations) is vital to electronic commerce on the Internet. The present invention is now able to reduce the program installation size of the whole browser, including a part corresponding to a SET application, to at least 1/10 of the SET application by using an encryption protocol included in the browser, such as SSL, as programs for encryption, authentication, etc.

[0009] Conveniently enough, unlike a personal computer, an information home electric appliance does not provide the user with a function to directly access data or files in the internal storage device, making it difficult to illegally obtain or alter internal data. Therefore, special measures, which would be required in a personal computer, need not be taken.

[0010] An information home electric appliance according to the present invention is an information home electric appliance for use in an electronic account settlement of products purchased via a credit card at a virtual store on a communication medium, the information home electric appliance having an Internet accessing capability, comprising:

[0011] storing means for storing a browser for browsing documents described in a markup language, the browser being compliant with an encryption communication protocol; and

[0012] input means for causing a user to input characters,

[0013] wherein the browser comprises:

[0014] for use in initial user registration for shopping at a virtual store by a card member who is a user of the information home electric appliance,

[0015] a first function that allows the information home electric appliance to communicate with a card issuer's server, which is compliant with the encryption communication protocol, in response to an instruction from the user to input to the server a card number, personal information for identifying the card member, and password information for electronic account settlement decided by the card member;

[0016] a second function that receives, from the card issuer's server, information for authenticating the card member in accordance with the encryption communication protocol and personal information on the card member and stores the received information into a storage device in the information home electric appliance;

[0017] and, for use in purchasing products at the virtual store,

[0018] a third function that allows the information home electric appliance to communicate with a site of the virtual store in response to an instruction from the user;

[0019] a fourth function that requests the user to input the password information for electronic account settlement and compares the entered password information with password information stored in the appliance to confirm that the user is the card member who requested the initial user registration via the information home electric appliance;

[0020] a fifth function that sends order information to a server of the virtual store in response to an instruction from the user;

[0021] a sixth function that accesses a settlement server of the card issuer via the Internet in response to an instruction from the server of the virtual store that received the order information; and

[0022] a seventh function that authenticates the card member with the settlement server using the information for authenticating the card member and then sends the personal information stored in the storage device to the settlement server.

[0023] The present invention described above allows a relatively secure transaction to be made via a credit card on a communication medium even with an information home electric appliance with a relatively small capacity storage device.

[0024] During initial user registration for shopping at virtual stores by a card member who is the user of the information home electric appliance, the browser described above may have a function to cause the user to input password information for the card member assigned by the host computer of the card issuer instead of the function to cause the user to input password information for electronic account settlement decided by the user.

[0025] Personal information on a card member received by the information home electric appliance from the server of the card issuer at least includes a card number and a card expiration date. This card number need not be the card number entered by the user during initial registration but may be a new card number issued by the card issuer.

[0026] The browser may have a function to receive secret information from the server of the card issuer during the initial user registration and a function to receive the secret information and the password information in response to an instruction from the server before receiving information for authenticating the card member in accordance with the encryption communication protocol and personal information on the card member from the server of the card issuer.

[0027] The browser may have an eighth function that downloads, via a communication medium, a computer program for executing the first to seventh functions instead of initially having the first to seventh functions.

[0028] In addition, the present invention may be implemented as a computer program that performs the functions described above and as its recording medium.

BRIEF DESCRIPTION OF THE DRAWINGS

[0029] FIG. 1 is a block diagram showing the general configuration of an electronic credit card account settlement system according to the present invention and the flow of information among the components;

[0030] FIG. 2 is a block diagram showing an example of the general configuration of the hardware of a cellular phone in the system shown in FIG. 1;

[0031] FIG. 3 is a diagram showing the input operation of a user when an examination request is made in step a1 in FIG. 1;

[0032] FIG. 4 is a diagram showing the input operation of a user when an examination result is confirmed in step b1 in FIG. 1;

[0033] FIG. 5 is a diagram showing the input operation of a user when a card is used in FIG. 1;

[0034] FIG. 6 is a flowchart showing the processing procedure for purchasing products via a cellular phone in the embodiment of the present invention;

[0035] FIG. 7 is a diagram showing an example of the configuration of a web browser extended for an account settlement function in the present invention; and

[0036] FIG. 8 is a diagram showing another example of the configuration of a web browser extended for the account settlement function in the present invention.

BEST MODE FOR CARRYING OUT THE INVENTION

[0037] A preferred embodiment according to the present invention will be described in detail below with reference to the attached drawings.

[0038] FIG. 1 is a block diagram showing the general configuration of an electronic credit card account settlement system according to the present invention and the flow of information among the components of the configuration. In this example, three stages are shown as the system use stages. That is, the first stage is an “(a) Initial user registration” stage that a user, who is already a card member, must perform only once in the beginning for making an electronic credit card account settlement (hereafter simply referred to as a card settlement or an electronic settlement). The second stage is a “(b) Examination result confirmation” stage performed by the user following the initial registration. The user also performs this second stage only once in the beginning. The third stage is a “(c) Card use (product purchase)” stage in which the user actually purchases products at virtual stores of merchants. This stage can be repeated. As will be described later, the second stage (b) may be regarded as a part of the first stage (a) Initial user registration.

[0039] In this embodiment, the user is assumed to use a cellular phone, which is used as an information home electric appliance with a capability to access the Internet, as an electronic settlement terminal. This cellular phone has the Internet accessing capability, and its web browser supports SSL (for example, 128 bits). However, note that the terminal used in the present invention is not limited to a cellular phone but that an information home electric appliance, such as a television set (including a so-called set-top box), a video game machine, a word processor, and a car navigator, may be used.

[0040] The following describes the contents of each stage in detail. In each stage, data communicated over the Internet is preferably encrypted using the SSL.

[0041] (a) Initial User Registration

[0042] In this stage, a card issuer examines whether the user is allowed to make an electronic settlement. In this embodiment, this initial user registration is performed for a card member who has already acquired a credit card from the card issuer. However, immediately before the initial user registration, a non-card-member user may perform the member enrollment procedure.

[0043] In response to an instruction from the user, a cellular phone 100 accesses a web server 200 (for example, the URL https://www.xxx-card.co.jp) of the card issuer via the Internet. This web server 200 is an SSL-compliant server that supports the SSL. The server 200, with a storage unit 201 containing web information (a form composed of text, image, and a combination of them) described in a markup language such as HTML, XML or the like, sends the web information to the user's cellular phone 100 when the web site is accessed. In response to this web information, an SSL-compliant browser installed in the user's cellular phone 100 interprets the web information and displays it on the screen. During the initial user registration for an electronic card settlement, the user receives a form, in which the user must fill in the required information, from the web server 200. This form has columns for specifying various types of user's personal information (member information) and a Personal Identification Number (PIN) decided by the user. This personal identification number is stored in the internal nonvolatile storage device (flash memory in this example). This personal identification number identifies the user and, other than such a personal identification number, any information such as a fingerprint, iris, or voiceprint, may be used as long as it identifies the user. In the present invention, information for identifying the user, including a personal identification number, is generally called password information. The cellular phone 100 sends the filled-in form, as well as an examination request, to the web server 200 (a1). The information that is sent is encrypted by a known SSL-based method before being sent. An example of personal information that is entered when an examination request is entered will be described later. In response to this information, the web server 200 sends Secret Information (SI) back to the cellular phone 100 (a2).

[0044] The web server 200 transfers the examination request to a host computer (hereinafter simply called a host) 240 of the card issuer, for example, via the LAN (a3). In response to this request, the host 240 makes a judgment based on a predetermined condition (S11) and sends the judgment result back to the web server 200 (S12, a4). The judgment result includes not only the information indicating the acceptance/rejection of user's electronic settlement but also, for a user who is accepted, the member information on the user. This member information is stored in a storage unit 202 in the web server 200. Although this member information corresponds to the personal information entered by the user in step a1 before, the details and the format are not always the same.

[0045] The host computer 240 also requests a predetermined Certification Authority (CA) 230 to issue the digital certificate of the user that will be used for user authentication (client authentication) and encryption (a5). The certification authority 230 generates a pair of keys (public key and private key) used in the public key cryptosystem, as well as the digital certificate of the public key, for the user (S21). The digital certificate for the user is generated by the certification authority 230 that digitally signs a message, which contains the user name (or identifier) and the public key of the user, to guarantee the authenticity of the key. RSA is known as an example of the public key cryptosystem. The certification authority 230 sends the private key and the digital certificate, which have been encrypted (for example, RSA PKCS#12 format), to the web server 200 of the card issuer via a predetermined route (S22, a6). The web server 200 decrypts them and stores them in a storage unit 203 (that may be the same as the storage unit 202 described above). This decryption is done assuming that the user's information home electric appliance has no decryption function when the information is sent to the user later. If the information home electric appliance has such a function, the web server 200 need not perform this decryption.

[0046] (b) Examination Result Confirmation

[0047] In this stage, the user who issued an examination request accesses the web server 200 again at a later date via the Internet to know the examination result. That is, in response to a user's instruction, the cellular phone 100 sends an examination result inquiry request (b1). Upon receiving this request, the web server 200 requests the user to input the secret information (SI) received from the web server 200 at the examination request time and the personal identification number (PIN) entered by the user at the examination request time. Based on this personal identification number, the web server 200 checks if the user who made the examination result confirmation request is the person identical to the user who made the examination request and identifies the examination request based on the secret information.

[0048] The web server 200 that has received the examination result inquiry sends the examination result back to the user (b2). If the examination result is “OK”, the cellular phone 100 is allowed to download the member information of the user stored in the storage unit 202 and the private key, digital certificate, and member information stored in the storage unit 203 (b2). The downloaded information may be recognized as an electronic credit card. The cellular phone 100 stores the downloaded information in its own storage device (for example, a flash memory 107 that will be described later) in a predetermined format. The user of the cellular phone 100 is not given means for directly accessing or rewriting the stored information. The cellular phone 100 sends a confirmation message to the web server 200 indicating that the information has been correctly stored (b3). The cellular phone 100 may store the downloaded information in the encrypted form, in the storage device. In response, the web server 200 deletes the member information from the server for security.
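The server side of stages (a) and (b) can be sketched as follows. This is an added example, not code from the specification: the class and function names, the 12-digit length of the secret information, the salted PIN hash, and the limit on failed pickup attempts are all assumptions of the sketch.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

MAX_PICKUP_ATTEMPTS = 3  # assumption: the text does not specify a limit


@dataclass
class PendingEnrollment:
    pin_salt: bytes
    pin_hash: bytes
    bundle: Optional[dict] = None  # set once the host accepts (a4, a6)
    failed_attempts: int = 0
    released: bool = False


def _hash_pin(pin: str, salt: bytes) -> bytes:
    # A short numeric PIN has little entropy; the slow KDF only raises the
    # cost of offline guessing if the server-side store leaks.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


class EnrollmentServer:
    """Hypothetical model of web server 200 during stages (a) and (b)."""

    def __init__(self) -> None:
        self._pending: dict = {}  # secret information (SI) -> PendingEnrollment

    def request_examination(self, pin: str) -> str:
        """Steps a1/a2: accept the form and return the secret information."""
        si = f"{secrets.randbelow(10**12):012d}"  # CSPRNG, not a counter
        salt = secrets.token_bytes(16)
        self._pending[si] = PendingEnrollment(salt, _hash_pin(pin, salt))
        return si

    def host_accepts(self, si: str, bundle: dict) -> None:
        """Steps a4/a6: keep member info, private key and certificate."""
        self._pending[si].bundle = bundle

    def pick_up(self, si: str, pin: str) -> Optional[dict]:
        """Steps b1/b2: release the bundle only for a matching SI and PIN."""
        entry = self._pending.get(si)
        if entry is None:
            return None
        candidate = _hash_pin(pin, entry.pin_salt)
        if not hmac.compare_digest(candidate, entry.pin_hash):
            entry.failed_attempts += 1
            if entry.failed_attempts >= MAX_PICKUP_ATTEMPTS:
                del self._pending[si]  # SI is burned; register again
            return None
        if entry.bundle is None:
            return None  # examination still pending or rejected
        entry.released = True
        return entry.bundle

    def confirm_stored(self, si: str) -> bool:
        """Step b3: the phone confirms storage; the server copy is deleted."""
        entry = self._pending.get(si)
        if entry is None or not entry.released:
            return False
        del self._pending[si]  # private key no longer held server-side
        return True

    def has_record(self, si: str) -> bool:
        return si in self._pending
```

The point of the sketch is the lifetime of the private key on the server: it exists there only between step a6 and the b3 confirmation, and a guessed SI alone releases nothing.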

[0049] (c) Use of a Card (Product Purchase)

[0050] After stage (b), the user is able to visit the virtual store site of any merchant on the Internet, place an order for a product or the like, and make the electronic settlement of the purchase using the card. For example, when the cellular phone 100 (browser) accesses the site of merchant A in response to the user's instruction, an SSL-compliant web server 210 of merchant A sends the web information (home page information) from a storage unit 212, in which web information for purchasing products is stored, to the cellular phone 100. The browser of the cellular phone 100 displays its contents on the screen. The user selects from the screen a product to be purchased and issues an order instruction (c1). In response to this instruction, the web server 210 of merchant A adds an order number to each order and sends data, such as the merchant ID and purchase amount, as well as an order acceptance message to the cellular phone 100 as the product purchase slip (c2). Instead of, or in addition to, this message, the confirmation mail (electronic mail) of the order may be sent to the cellular phone 100 of the user. The product purchase slip including the order number is sent to an SSL-compliant settlement server 220 over the Internet in step c4 later.

[0051] A settlement component 211 attached to the web server 210 of merchant A performs SSL-based mutual authentication with a settlement cartridge 221 attached to the settlement server 220 provided by the card issuer over the Internet and, after that, the settlement cartridge 221 obtains the order information (c3) described above. However, because the order information is sent also from the cellular phone 100, the order information need not always be sent from the web server 210 of merchant A to the settlement server 220. The settlement component is a software component for making a settlement on the web server 200, while the settlement cartridge is a software component for making a settlement on the settlement server 220. There is a difference in the names of those software components for reference convenience only; there is no other special meaning. Mutual authentication refers to the authentication performed by two communication parties to authenticate that the other party is genuine. In this case, the web server 210 of merchant A authenticates that the settlement server 220 is a genuine settlement server and, at the same time, the settlement server 220 authenticates that the web server 210 is the genuine web server of merchant A. Therefore, both merchant A and the settlement server 220 must have obtained their own digital certificates from the predetermined certification authority in advance.

[0052] In addition, the cellular phone 100 accesses the settlement server 220 either automatically (for example, according to the confirmation mail or to the instruction in the settlement server's link (URL) included in the product purchase slip) or in response to an instruction from the user. If, after SSL mutual authentication, the authentication result is good, the cellular phone encrypts the pre-stored member information and the product purchase slip information and sends them to the settlement server 220 (c4). During the mutual authentication between the cellular phone 100 (client) and the settlement server 220, the server sends its own digital certificate to the client in response to access from the client and, at the same time, the client sends its own digital certificate to the server. They use the known method to confirm to each other that the other party is a genuine party. Although an SSL-compliant browser has conventionally performed server authentication in most cases, the browser also performs user authentication (client authentication) in the present invention. To do so, a pair of the private key and the public key in the public key cryptosystem is given also to the user as described above, and user authentication is performed using the digital certificate, which includes the user's public key, and the private key.

[0053] If step c1 and step c4 are performed in the same session, the confirmation mail described above is not always needed.

[0054] The settlement server 220 communicates with an authorization gateway 241 of the card issuer (or directly with the host computer 240) to decide whether the user is authorized to settle the account (perform authorization) (c5). In this case, the member information, which has been sent from the cellular phone 100 to the settlement server 220 in advance, is used. For example, if the member information indicates that the credit card has expired, the settlement is rejected. The authorization checking result is reported to the cellular phone 100 (c6). Although the settlement server 220 and the authorization gateway 241 communicate with each other over the Internet, they may communicate via a leased line or a LAN because the communication is a one-to-one communication.

[0055] The settlement cartridge 221 of the settlement server 220 performs SSL mutual authentication with the settlement component 211 of the merchant A over the Internet and, then, performs final sales processing (c7). During this sales processing, the merchant charges the card issuer for the product whose settlement has been authorized.

[0056] In this way, electronic settlement is done in real time. When the settlement is completed, the product is delivered from the merchant A to the user.

[0057] Although it is assumed in this embodiment that the first stage and the second stage are performed in separate communication sessions with an interval of time between them, the first stage and the second stage may be thought of as one stage if they can be performed in one communication session. In that case, the secret information acceptance step (a2) and the examination result inquiry step (b1) are not necessary.

[0058] FIG. 2 shows an example of the general hardware configuration of the cellular phone 100. In the configuration shown in FIG. 2, a central processing unit (CPU) 101 controls the cellular phone 100 in its entirety. Connected to the CPU 101 are a ROM 105, a flash memory 107, a RAM 108, a flat display 122, keys 131, and a communication controller 133.

[0059] The ROM 105 is a read-only nonvolatile memory in which computer programs to be executed by the CPU 101 and necessary data are stored. The programs include a browser whose function has been extended by the present invention.

[0060] The flash memory 107 is a re-writable nonvolatile memory in which downloaded data or programs are stored on a non-volatile basis. This memory need not be a flash memory as long as it is storage means that attains the intended object.

[0061] The RAM 108 provides temporary storage areas, work areas, and areas for storing various types of data required by the CPU 101 for program execution.

[0062] The flat display 122 is a device on which various types of information on this cellular phone are displayed for the user.

[0063] The communication controller 133 is a voice and data communication control unit connected to an antenna 135 via an RF unit 134 and connected also to a microphone 136 and a speaker 137.

[0064] The means and operation of the cellular phone according to the present invention are implemented primarily by the execution of the programs, stored in the ROM 105 (or flash memory 107), by the CPU 101.

[0065] In FIG. 1, more detailed configuration (for example, display memory, display controller, or input/output controller, and so on) is omitted.

[0066] FIG. 7 shows an example of the configuration of a web browser 40 whose function has been extended for a settlement (payment) function. The browser 40 is pre-stored in the ROM 105 shown in FIG. 1. The upgraded part of the browser or additional functions are stored in the flash memory 107.

[0067] The browser 40 comprises a browser body 41 that browses documents coded in a markup language, an HTTP protocol processor 42 that transfers hypertext, and a transport protocol processor 43 that processes a transport protocol such as TCP/IP.

[0068] The browser body 41 has major functions 411, 412, and 413, added as the special functions for use in the present invention. The function 411 is a processing function for PIN storage in step a1 in FIG. 1 and for obtaining, storing (downloading), and reading the private key, certificate, and member information in step b2. The function 412 is a processing function for executing the preprocessing of step c1; that is, the function receives the personal identification number (PIN) and confirms that the received number matches the correct number. The function 413 is a processing function for sending the member information to the settlement server 220 in step c4.

[0069] The transport protocol processor 43, which has an SSL protocol processor 431 including an encryption module, performs SSL authentication using the server authentication certificate obtained when the card is used, the downloaded and stored card member's authentication certificate, and the private key.

[0070] In this way, by adding the functions necessary for the present invention to an existing web browser which supports the encryption communication protocol (preferably, a web browser for use on a portable terminal), the program installation size can be minimized.

[0071] FIG. 8 shows another example of the configuration of the browser. In this example, instead of directly changing the browser body 41, a card settlement Java module 421, which performs card settlement related processing on a Java (trademark) virtual machine (VM) 431, is downloaded from a predetermined web site into the flash memory 107 before the processing of the present invention is performed. The card settlement Java module 421 performs, at a later time, the functions equivalent to those of the functions 411, 412, and 413 shown in FIG. 7. The configuration shown in FIG. 8 eliminates the need for the additional functions to be included into the body of the browser 40 in advance but allows the user to add the card settlement function as necessary.

[0072] Next, referring to FIG. 3, the user input operation at an examination request time in step a1 in FIG. 1 will be described. FIGS. 3(a), (b), and (c) show how the screen 301 of the display 122 of the cellular phone 100 changes during this operation. FIG. 3(a) shows the menu screen displayed when the user accesses the home page of the card issuer. The user can press a key or select a displayed button to enter what he or she wants the cellular phone to do. A displayed button is selected by moving the focus to the button with an arrow key or the like and then pressing a special key such as a confirmation key. To make an examination request, the user selects, for example, “2. e-CARD REGISTRATION” shown in the figure. This causes the web server 200 to provide a form, such as the one shown in FIG. 3(b), in which user's personal information is entered. The up/down double-headed arrow in FIG. 3(b) indicates that, when all information cannot fit on the screen at a time, the image scrolls in the upward or downward direction automatically as the user enters information or in response to an instruction from the user. Alternatively, the screen may be designed such that the user is prompted to enter information one or more input items at a time that fit on the screen. Because the cellular phone is assumed as an information home electric appliance in this example, Kana and alphanumeric/symbolic characters are assumed as input characters. Of course, for a cellular phone that has Kanji input function, Kanji characters may be accepted. Personal information in this example includes the card number of the user's credit card, its expiration date, personal identification number (PIN), name, address, ZIP code, bank account number from which the payment through the credit card is made, and electronic mail address. The personal identification number is, for example, a user-specified numeric value with a predetermined number of digits. This personal identification number, which is used in the examination result confirmation stage and in the use stage, may be different from the password of the credit card. It is also possible that this personal identification number is decided by the card issuer after the examination request and that the decided personal identification number is sent to the user via mail or communication (for example, when step b2 is carried out).

[0073] Upon completion of the input of the personal information on the screen in FIG. 3(b), the message indicating that the registration procedure has completed, as well as the secret information (SI), is displayed as shown in FIG. 3(c). The user writes down or memorizes this number for use in the examination result confirmation time described above.

[0074] Next, referring to FIG. 4, the user input operation at the examination result confirmation time in step b1 in FIG. 1 will be described. FIGS. 4(a), (b), and (c) show how the screen 301 of the display 122 of the cellular phone 100 changes. When the user selects “3. CERTIFICATE DOWNLOADING” from the menu screen shown in FIG. 4(a), the user is prompted to enter the secret information and the personal identification number (PIN) as shown in (b) of the same figure. When both data units are entered and if they are authentic, the information such as the certificate is downloaded and, as shown in (c) of the same figure, the message indicating that authentication registration has completed is displayed.

[0075] Next, referring to FIG. 5, the input operation of the user at a use time (at a product purchase time) in steps c1 and c4 in FIG. 1 will be described. The flowchart in FIG. 6 is also referenced. FIGS. 5(a)-(d) show how the screen 301 of the display 122 of the cellular phone 100 changes during this operation. The screen in FIG. 5(a) shows the screen that is displayed after the user visits the virtual store site of a merchant (S41 in FIG. 6) and selects desired products on the home page (S42, S43). When the user decides to purchase the products (S44), the screen changes to the one shown in FIG. 5(b). On the screen shown in FIG. 5(b), the user is prompted to enter the personal identification number (PIN) (S45). The cellular phone 100 compares the entered personal identification number with the personal identification number already stored internally (S46) and, if they match, finds that the user is the same user that made an examination request using the cellular phone before. If they do not match, the user is prompted to enter the personal identification number a predetermined number of times (S47) and, if they do not match within the predetermined number of times, an error message is displayed and the further execution of the purchase procedure is rejected (S53). If they do not match successively a predetermined number of times, the electronic credit card information (downloaded information) in the flash memory may be discarded.

[0076] If a match is found in the personal identification number, the message indicating that the purchase procedure is completed is displayed as shown on the screen in FIG. 5(c) and, at the same time, access is made to the settlement server automatically (S48). Instead of automatically accessing the settlement server, URL link information may be included in the confirmation mail or the product purchase slip to wait for an instruction from the user to move to a linked-to address so that, upon receiving the instruction from the user, access may be made to the settlement server.

[0077] Then, mutual authentication is performed between the cellular phone 100 and the settlement server 220 (S49). In this case, the user's digital certificate is used as described above. If the mutual authentication succeeds (S50), the cellular phone 100 automatically sends the member information on the user to the settlement server (S51) in the SSL session, without the user's involvement. This member information is sent to the authorization gateway 241 for use in authorizing the settlement. If the settlement is authorized, the confirmation message such as the one shown in FIG. 5(d) is displayed on the cellular phone (S52).
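The use-time flow of paragraphs [0075] to [0077] (S45 to S53) can be sketched as follows. This is an added example, not code from the patent: the class and function names, the two limits, the salted-hash storage of the PIN and the `mutual_auth` callable standing in for the SSL handshake are all assumptions, and the sample values are constructed.

```python
import hashlib
import hmac
import os

PROMPT_LIMIT = 3  # assumed: PIN prompts per purchase (S47)
WIPE_LIMIT = 6    # assumed: successive failures before stored data is discarded


class ECardStore:
    """Constructed stand-in for the appliance's flash memory."""

    def __init__(self, pin, certificate, member_info):
        # Assumption beyond the page: keep a salted hash, not the PIN itself.
        # A short PIN stays guessable offline, so the counter is the main control.
        self.salt = os.urandom(16)
        self.pin_hash = self._derive(pin)
        self.certificate = certificate
        self.member_info = member_info
        self.failed = 0      # successive failures, kept across purchases
        self.wiped = False

    def _derive(self, pin):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self.salt, 100_000)

    def verify_pin(self, entered):
        """S46: local comparison; the PIN never leaves the device."""
        if self.wiped:
            return False
        if hmac.compare_digest(self._derive(entered), self.pin_hash):
            self.failed = 0
            return True
        self.failed += 1
        if self.failed >= WIPE_LIMIT:
            # Discard the downloaded e-card data after too many successive misses.
            self.pin_hash = self.certificate = self.member_info = None
            self.wiped = True
        return False


def settle(store, pin_entries, mutual_auth):
    """Walk S45-S53 and return (status, member_info_sent_or_None)."""
    for entered in pin_entries[:PROMPT_LIMIT]:      # S45, S47
        if store.verify_pin(entered):
            break
        if store.wiped:
            return ("rejected-wiped", None)
    else:
        return ("rejected-pin", None)               # S53
    # S49/S50: member information is released only after mutual authentication.
    if not mutual_auth(store.certificate):
        return ("rejected-auth", None)
    return ("sent", store.member_info)              # S51


if __name__ == "__main__":
    phone = ECardStore("4821", "constructed-cert", {"card": "constructed"})
    print(settle(phone, ["0000", "4821"], lambda cert: True))
    print(settle(phone, ["1111", "2222", "3333"], lambda cert: True))
```

The failure counter is reset only by a correct PIN, so misses spread over several purchase attempts still count toward the discard threshold.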

[0078] The features of the embodiment are summarized as follows:

[0079] (1) The personal identification number (PIN) allows the cellular phone to confirm that the current user is its authentic user. This prevents some other person from making an electronic settlement even when the cellular phone is stolen or lost. In addition, the personal identification number is checked locally on the cellular phone. Therefore, there is no danger that the personal identification number is leaked during communication that is made when the user purchases products. Furthermore, as compared with making an inquiry about the personal identification number via communication, the time required to inquire about the personal identification number is reduced. Although the personal identification number is stored in the cellular phone, the user cannot directly access its internal storage device and therefore the possibility that the personal identification number is illegally read is decreased.

[0080] (2) The use of SSL (for example, 128 bits) makes it possible to mutually authenticate the communication parties with the use of digital certificates and to encrypt communication messages. This prevents impersonation and alteration of communication messages and, as a result, makes electronic commerce secure. Another advantage with the use of the SSL-compliant browser is that the embodiment may be applied easily to an information home electric appliance with a small memory size.

[0081] (3) Because, at the same time the information such as the digital certificate is sent, the member information is sent from the card issuer to the cellular phone in a session in which the user is guaranteed to be an authentic card member with authorization to make an electronic settlement, the member information is secure. At the same time, the member information items required by the card issuer may be stored in the cellular phone in any required format. Therefore, the member information is stored in the way the card issuer intends. For example, the card number or the expiration date included in the member information sent from the web server of the card issuer may be a second card number and/or expiration date for electronic settlement that is different from that recorded on the actual credit card owned by the user. In addition, the fact that the member information is stored in the way the card issuer intends is advantageous for data checking during authorization processing performed by the authorization gateway 241. Because the user cannot directly access the storage device in the cellular phone, it is less likely, as with the personal identification number described above, that the member information is illegally read. In addition, the member information is sent automatically to the settlement server with no need for the user to input member information at use time and without the user's involvement.

[0082] Although some preferable embodiments of the present invention have been described above, it is to be understood that various modifications and changes may be made within the scope of the claims. For example, although SSL is used as the encryption communication protocol, other similar encryption communication protocols, such as S-HTTP, may also be used.

[0083] “Products” in the present invention include not only visible products but also invisible products such as software. A software product may be downloaded from the Internet after settlement. In addition, although initial user registration and product purchase over the Internet have been described, initial user registration and/or product purchase may be made via TV data broadcasting over a satellite or ground waves or via bi-directional data communication using other communication media such as a cable TV. For example, screen data on initial user registration may be delivered via broadcasting. URL data on a card issuer site may also be delivered via broadcasting.

INDUSTRIAL APPLICABILITY

[0084] The present invention may be applied to an information home electric appliance such as a cellular phone, TV set, video game machine, word processor, car navigator, etc., to the design and manufacturing of related computer programs, and to relatively secure electronic commerce via credit cards over the Internet.

1. An information home electric appliance for use in an electronic account settlement of products purchased via a credit card at a virtual store on a communication medium, said information home electric appliance having an Internet accessing capability, comprising: storing means for storing a browser for browsing documents described in a markup language, said browser being compliant with an encryption communication protocol; and input means for causing a user to input characters, wherein said browser comprises: for use in initial user registration for shopping at a virtual store by a card member who is the user of the information home electric appliance, a first function that allows the information home electric appliance to communicate with a card issuer's server, which is compliant with the encryption communication protocol, in response to an instruction from the user to input to the server a card number, personal information for identifying the card member, and password information for electronic account settlement decided by the card member; a second function that receives, from the card issuer's server, information for authenticating the card member in accordance with the encryption communication protocol and personal information on the card member and stores the received information into a storage device in said information home electric appliance; and, for use in purchasing products at the virtual store, a third function that allows the information home electric appliance to communicate with a site of the virtual store in response to an instruction from the user; a fourth function that requests the user to input said password information for electronic account settlement and compares the entered password information with password information stored in said appliance to confirm that the user is the card member who requested the initial user registration via said information home electric appliance; a fifth function that sends order information to a server of the virtual store in response to an instruction from the user; a sixth function that accesses a settlement server of said card issuer via the Internet in response to an instruction from the server of the virtual store that received the order information; and a seventh function that authenticates the card member with the settlement server using the information for authenticating the card member and then sends the personal information stored in the storage device to the settlement server.
2. The information home electric appliance according to claim 1, wherein the information for authenticating the card member includes a private key in a public key cryptosystem and a digital certificate of the card member sent from the card issuer's server and wherein said authentication of the card member with the settlement server is performed using the private key and the digital certificate of the card member.
3. The information home electric appliance according to claim 1, wherein memory access means for use by the user for directly rewriting contents of said storage device is not provided.
4. The information home electric appliance according to claim 1, 2, or 3, wherein said browser further comprises a function that causes the user to input password information for the card member decided by a host computer of the card issuer instead of the function that causes the user to input the password information for electronic account settlement decided by the card member during the initial user registration for shopping at the virtual store by the card member who is the user of the information home electric appliance.
5. The information home electric appliance according to any one of claims 1-4, wherein the personal information that said information home electric appliance receives from the card issuer's server includes at least the card number and a card expiration date.
6. The information home electric appliance according to any one of claims 1-5, wherein said browser further comprises: a function that receives secret information from the card issuer's server during the initial user registration; and a function that causes the user to input said secret information and said password information in response to an instruction from the server before receiving from the card issuer's server the information for authenticating the card member in accordance with the encryption communication protocol and the personal information on the card member.
7. The information home electric appliance according to any one of claims 1-6, wherein said browser does not initially comprise said first to seventh functions but comprises an eighth function that downloads a computer program implementing said first to seventh functions.
8. A recording medium storing therein a computer program that is executed in an information home electric appliance for use in an electronic account settlement of products purchased via a credit card at a virtual store on a communication medium, said information home electric appliance having an Internet accessing capability, said computer program comprising: for use in initial user registration for shopping at a virtual store by a card member who is a user of the information home electric appliance, a function that allows the information home electric appliance to communicate with a card issuer's server, which is compliant with the encryption communication protocol, in response to an instruction from the user to input to the server a card number, personal information for identifying the card member, and password information for electronic account settlement decided by the card member; a function that receives, from the card issuer's server, information for authenticating the card member in accordance with the encryption communication protocol and personal information on the card member and stores the received information into a storage device in said information home electric appliance; and, for use in purchasing products at the virtual store, a function that allows the information home electric appliance to communicate with a site of the virtual store in response to an instruction from the user; a function that requests the user to input said password information for electronic account settlement and compares the entered password information with password information stored in said appliance to confirm that the user is the card member who requested the initial user registration via said information home electric appliance; a function that sends order information to a server of the virtual store in response to an instruction from the user; a function that accesses a settlement server of said card issuer via the Internet in response to an instruction from the server of the virtual store that received the order information; and a function that authenticates the card member with the settlement server using the information for authenticating the card member and then sends the personal information stored in the storage device to the settlement server.
9. The recording medium according to claim 8, wherein the information for authenticating the card member includes a private key in a public key cryptosystem and a digital certificate of the card member sent from the card issuer's server and wherein said authentication of the card member with the settlement server is performed using the private key and the digital certificate of the card member.
10. The recording medium according to claim 8 or 9, further comprising a function that causes the user to input password information for the card member decided by a host computer of the card issuer instead of the function that causes the user to input the password information for electronic account settlement decided by the card member.
11. The recording medium according to claim 8, 9, or 10, further comprising: a function that receives secret information from the card issuer's server during the initial user registration; and a function that causes the user to input said secret information and said password information in response to an instruction from the server before receiving from the card issuer's server the information for authenticating the card member in accordance with the encryption communication protocol and the personal information on the card member.
12. A computer program that is executed in an information home electric appliance for use in an electronic account settlement of products purchased via a credit card at a virtual store on a communication medium, said information home electric appliance having an Internet accessing capability, said computer program comprising: for use in initial user registration for shopping at a virtual store by a card member who is a user of the information home electric appliance, a function that allows the information home electric appliance to communicate with a card issuer's server, which is compliant with an encryption communication protocol, in response to an instruction from the user to input to the server a card number, personal information for identifying the card member, and password information for electronic account settlement decided by the card member; a function that receives, from the card issuer's server, information for authenticating the card member in accordance with the encryption communication protocol and personal information on the card member and stores the received information into a storage device in said information home electric appliance; and, for use in purchasing products at the virtual store, a function that allows the information home electric appliance to communicate with a site of the virtual store in response to an instruction from the user; a function that requests the user to input said password information for electronic account settlement and compares the entered password information with password information stored in said appliance to confirm that the user is the card member who requested the initial user registration via said information home electric appliance; a function that sends order information to a server of the virtual store in response to an instruction from the user; a function that accesses a settlement server of said card issuer via the Internet in response to an instruction from the server of the virtual store that received the order information; and a function that authenticates the card member with the settlement server using a private key and a digital certificate of the card member and then sends the personal information stored in the storage device to the settlement server.
13. The computer program according to claim 12, wherein the information for authenticating the card member includes the private key in a public key cryptosystem and the digital certificate of the card member sent from the card issuer's server and wherein said authentication of the card member with the settlement server is performed using the private key and the digital certificate of the card member.
14. The computer program according to claim 12 or 13, further comprising a function that causes the user to input password information for the card member decided by a host computer of the card issuer instead of the function that causes the user to input the password information for electronic account settlement decided by the card member.
15. The computer program according to claim 12, 13, or 14, further comprising: a function, for use in the initial user registration, that inputs said secret information and said password information in response to an instruction from the server before receiving from the card issuer's server the information for authenticating the card member in accordance with the encryption communication protocol and the personal information on the card member.